1. Field of the Invention
The invention relates to a method of secure transmission of digital data relating to a document between any of a scanner, a printer and a host computer such as a user workstation, interconnected by a digital network.
2. Discussion of the Background Art
Nowadays, the generation and printing of documents must comply with various levels of security. Furthermore, various printing organizations/configurations exist that may introduce distances, both in time and in space, between the generation of the document and the actual printing thereof. Such distances may take various forms, such as: generating a document at home and using the Internet for transferring it to, and printing it at, the Office; composing a document and putting it in a printing queue that resides in a Mailbox of a shared printer, e.g. Océ 3165™, such as through storing on a hard disk that is located therein; letting the electronic version of a printed document remain stored after actual printing thereof for a certain interval of time, such as twenty-four hours, in an intermediate storage facility that is more or less freely accessible; and various others.
In particular, European Patent Application Publication No. A1 0 929 023 discloses a secure printing approach wherein the document is encrypted with a session key according to a bulk encryption algorithm, and furthermore the session key is encrypted with the intended recipient's public key (PUK). The complete print job is then transmitted to a document store. The recipient will use a so-called smart card containing his private key (PRK) for authenticating to the printer; the latter takes the identity from the card to search for documents intended for the recipient; these are then sent from the document store to the secure printer, which first decrypts the session key using the recipient's PRK and then uses the decrypted session key to decrypt and print the document.
The method in the above-mentioned reference, although offering a certain degree of security, still is vulnerable to dedicated code-breaking techniques. The transmitted encrypted document file still includes information that can be used to decrypt it. In particular, the encrypted session key may be extracted from the transmitted file and, since it is relatively short, the session key may be decrypted by a massive trial-and-error attack.
Moreover, the method in the above-mentioned reference offers little flexibility at the level of an individual document. For example, the recipient must have a smart card, which requires physical transport thereof, but on the other hand, the recipient will then be able to view all documents intended for the assumed holder of the card. The above-mentioned reference does not provide for individual access to just one document. Furthermore, before transmitting the document, the sender must know the intended recipient's identity, which is not always feasible.
Further, WO 02/41133 discloses a printing system including a print job source, such as a user PC including a print driver, a spooling server and a printer having a polling device. Print jobs are encrypted at the print job source, using an encryption key based on user-specified data, and transferred to the spooling server. In the spooling server the print job is decrypted and stored. The polling device in the printer may then poll the spooling server for any jobs intended for the printer. If there is such a print job at the spooling server, the latter re-encrypts the print job with the same key and sends the job to the printer polling device, where a user must input the same user-specified data. Based on those, the polling device forms a key, decrypts the print job and forwards it to the printer.
According to the disclosure of WO 02/41133, the print job is completely encrypted, and therefore becomes an unrecognizable block of data. It can therefore only be handled by a system that knows beforehand what it is, such as in point-to-point transfers, or that decrypts it to get more information. Yet, intermediate decryptions decrease the job security and should therefore be avoided.
Likewise, US 2002/0078351 A1 discloses a system in which a file is encrypted for a point-to-point transfer, using a key that is entered both at the sending site and at the receiving site. The file itself can no longer be recognized once it is encrypted.
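The spooling flow attributed above to WO 02/41133 can be traced in a short sketch, added here as an illustration and not taken from any of the cited references. It shows that the spooling server ends up holding the job in plaintext between the two encrypted hops. The key derivation (PBKDF2), the HMAC-based stand-in cipher, the way the server obtains the user-specified data, and all names are assumptions.

```python
import hashlib, hmac, os

def derive_key(user_data, salt):
    # Assumption: PBKDF2; the page only says the key is based on user-specified data.
    k = hashlib.pbkdf2_hmac("sha256", user_data.encode(), salt, 100_000, dklen=64)
    return k[:32], k[32:]  # (encryption key, MAC key)

def keystream(key, nonce, n):
    # Stand-in cipher: HMAC-SHA256 in counter mode, chosen to stay in the standard library.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(user_data, plaintext):
    # Encrypt-then-MAC; salt and nonce travel in the clear with the job.
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_key(user_data, salt)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def unseal(user_data, blob):
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_key(user_data, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong user-specified data or modified job")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))

class SpoolingServer:
    def __init__(self, user_data):
        self.user_data = user_data  # assumption: server is given the same user data
        self.store = {}             # jobs at rest on the server
    def receive(self, job_id, blob):
        # Intermediate decryption: the stored job is plaintext.
        self.store[job_id] = unseal(self.user_data, blob)
    def poll(self, job_id):
        # Re-encrypted with the same key for the hop to the printer's polling device.
        return seal(self.user_data, self.store[job_id])

def run_flow(user_data, document):
    spool = SpoolingServer(user_data)
    spool.receive("job-1", seal(user_data, document))
    to_printer = spool.poll("job-1")
    return spool.store["job-1"], to_printer, unseal(user_data, to_printer)

if __name__ == "__main__":
    stored, wire, printed = run_flow("constructed-passphrase", b"%!PS constructed sample job")
    print("spool store holds plaintext:", stored == printed)
    print("wire blob contains plaintext:", b"constructed sample job" in wire)
```

Both hops carry only ciphertext, yet anyone with read access to the spooling server's store sees the document, which is the exposure the passage attributes to intermediate decryption.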